Intrusion detection method using adaptive rule estimation in network-based instrusion detection system

US 20030115486A1
Filed: 10/18/2002
Published: 06/19/2003
Est. Priority Date: 12/14/2001
Status: Abandoned Application

First Claim

Patent Images

1. An intrusion detection method by adaptive rule estimation in a network-based intrusion detection system (NIDS), comprising the steps of:

collecting a packet on a network, and searching for an original rule most similar to the collected packet from a rule database in which a rule for intrusion detection is stored; and

judging whether a hacker intrudes by estimating a changed position of the collected packet from the original rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion detection method by adaptive rule estimation in a network-based intrusion detection system (NDS) is disclosed. The method includes collecting a packet on a network and searching for an original rule most similar to the collected packet from a rule database in which a rule for intrusion detection is stored, and judging whether a hacker intrudes by estimating a changed position of the collected packet from the original rule. Accordingly, it is possible to prevent an indirect attack of a hacker using a packet whose number of bits is changed due to deletion/insertion of characters from/into the packet.

60 Citations

View as Search Results

3 Claims

1. An intrusion detection method by adaptive rule estimation in a network-based intrusion detection system (NIDS), comprising the steps of:
- collecting a packet on a network, and searching for an original rule most similar to the collected packet from a rule database in which a rule for intrusion detection is stored; and
  
  judging whether a hacker intrudes by estimating a changed position of the collected packet from the original rule.
- View Dependent Claims (2, 3)
- - 2. The intrusion detection method of claim 1, wherein the step of collecting the packet and searching for the original rule comprises the steps of:
    - searching for rules similar to the packet collected on the network from the rule database;
      
      performing a character leveling work for the packet and the rules using a character table;
      
      calculating a mean square error (MSE) between the packet and the rules; and
      
      judging a rule whose MSE is minimum as an original rule the most similar to the packet.
  - 3. The intrusion detection method of claim 1, wherein the judging step comprises the steps of:
    - calculating a norm count (NC) that is a difference value in character length between the packet and the original rule;
      
      performing a character leveling work for the packet, estimating a changed position from the original rule, and moving the character position of the packet; and
      
      comparing the packet corrected due to the movement of the character position with the original rule, to thus judge whether a hacker intrudes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Choi, Byeong Cheol, Sohn, Sung Won, Seo, Dong Il, Park, Chee Hang

Application Number

US10/273,140
Publication Number

US 20030115486A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

Intrusion detection method using adaptive rule estimation in network-based instrusion detection system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Intrusion detection method using adaptive rule estimation in network-based instrusion detection system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links